ClawKit Logo
ClawKitReliability Toolkit
Back to Registry
Official Verified

skill-security-scanner

Security scanner for OpenClaw skills. Use when installing, updating, or auditing skills to detect malicious backdoors, suspicious code patterns, data exfiltration risks, and security vulnerabilities. Automatically analyzes Python/JavaScript/Shell code for dangerous functions (eval, exec, system calls), network requests, file operations, environment variable access, obfuscation patterns, and known attack signatures. Provides security score and installation recommendations.

skill-install — Terminal

Install via CLI (Recommended)

clawhub install openclaw/skills/skills/cookiemikeliu/skill-security-scanner-clean
Or

Skill Security Scanner

Protect your OpenClaw installation from malicious skills. This scanner performs static analysis on skill code to detect:

  • Code Execution Threats: eval, exec, os.system, subprocess calls
  • Data Exfiltration: Hidden network requests, suspicious URLs, IP connections
  • System Compromise: File deletion, permission changes, privilege escalation
  • Credential Theft: Environment variable access, secret harvesting
  • Cryptojacking: Mining malware, suspicious compute patterns
  • Obfuscation: Hidden code, base64 encoding, minification
  • Spyware: Keyloggers, screen capture, surveillance features

Quick Start

# Basic scan
python scripts/security_scanner.py /path/to/skill

# Strict mode (catches more suspicious patterns)
python scripts/security_scanner.py /path/to/skill --strict

# Save JSON report
python scripts/security_scanner.py /path/to/skill --format json -o report.json

# Generate markdown report
python scripts/security_scanner.py /path/to/skill --format markdown -o report.md

Understanding Results

Verdict Levels

VerdictEmojiMeaningAction
PASS🟢No critical issues foundSafe to install
REVIEW🟡Some concerns, review recommendedCheck findings before installing
WARNING🟠High-risk patterns detectedStrongly reconsider installation
REJECT🔴Critical threats identifiedDO NOT INSTALL

Security Score

  • 90-100: Excellent - minimal risk
  • 70-89: Good - minor issues
  • 50-69: Fair - requires review
  • 0-49: Poor - significant risks

Detection Rules

Critical (🔴)

RuleDescriptionExample
EXEC001Code execution functionseval(), exec(), compile()
SUSPICIOUS001Keylogger functionalitypynput, keyboard modules
SUSPICIOUS003Cryptocurrency miningmining, bitcoin, stratum+tcp

High (🟠)

RuleDescriptionExample
EXEC002System command executionos.system(), subprocess.call()
NET002Raw socket connectionssocket.connect()
ENV001Sensitive credential accessos.environ['PASSWORD']
OBF001Code obfuscationBase64, hex-encoded code
SUSPICIOUS002Screen capturepyautogui.screenshot()
NET004Short URL usagebit.ly, tinyurl links

Medium (🟡)

RuleDescriptionExample
NET001HTTP network requestsrequests.get(), fetch()
ENV002Environment enumerationos.environ.items()
FILE001File deletionos.remove(), shutil.rmtree()
DATA001Unsafe deserializationpickle.loads(), yaml.load()
NET003Hardcoded IP addressesDirect IP in URLs
OBF002Base64 encoded blocksLarge base64 strings

Low/Info (🔵/⚪)

Read Full Documentation on GitHub

Metadata

Author@cookiemikeliu
Stars3409
Views0
Updated2026-03-25
View Author Profile
AI Skill Finder

Not sure this is the right skill?

Describe what you want to build — we'll match you to the best skill from 16,000+ options.

Find the right skill
Add to Configuration

Paste this into your clawhub.json to enable this plugin.

{
  "plugins": {
    "official-cookiemikeliu-skill-security-scanner-clean": {
      "enabled": true,
      "auto_update": true
    }
  }
}
Safety NoteClawKit audits metadata but not runtime behavior. Use with caution.